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associating a first policy of a first model set in a first package with a first table within 

the database system; and 
invoking the access mediation routine in the first package for determining whetherto 



allow operation on data in the first table based on the first policy. 

(Amended) A method according to Claim 6, further comprising the step of forming 
said each package of said one or more packages so that the access mediation routine 
conforms to a specified interface for enforcing a policy in the database management 
system. 

(Amended) A method according to Claim 7, said step of forming said each package 
further comprising including one or more administrative routines for defining a policy 
for the model set. 



(Amended) A method according to Claim 10, said step of invoking the administrative 
routine of the first package further comprising providing to the administrative routine 
of the first package a plurality of parameters including a policy name for the first 
policy and a plurality of label names for labels of the first policy. 




OID 2001-090-01 



2 



I 

1 19. (Amended) A method according to Claim 6, wherein. 

2 the method further comprises the step of determining a set of allowed labels for the 
i 3 first policy for a user of the database management system; 

| p^7y 4 said step of invoking the access mediation routine is performed during said step of 

5 determining the set of allowed labels; and 

6 the user is allowed to operate on the data according to the first policy if the data is 

7 ' associated with a label for the first policy and the label is included in the set of 

8 allowed labels for the first policy. 



1 26. (Amended) A computer-readable medium carrying one or more sequences of 

2 instructions for managing access to data in a database based on a database policy set 

3 of one or more label-based security policies, wherein execution of the one or more 

4 sequences of instructions by one or more processors causes the one or more 
1 5 processors to perform the steps of: 

6 registering, with a database management system, one or more packages of routines, 

7 wherein each package of said one or more packages implements a security 

8 model that supports a model set of one or more policies of the database policy 

9 set and said each package includes an access mediation routine; 

10 associating a first policy of a first model set in a first package with a first table within 

1 1 the database system; and 

12 invoking the access rrtediation routine in the first package for determining whether to 

13 allow operation on data in the first table based on the first policy. 
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1 28. (Amended) A computer-readable medium according to Claim 27, wherein said each 

2 package of said one or more packages includes one or more administrative routines 

3 for defining a policy for the model set. 



^ — — 

1 31. (Amended) A computer-readable medium according to Claim 30, said step of 

2 invoking the administrative routine of the first package further comprising providing 

3 to the administrative routine of the first package a plurality of parameters including a 

4 policy name for the first policy and a plurality of label names for labels of the first 

5 policy. 

^ : _ 



01 



1 39. (Amended) A computer-readable medium according to Claim 26, wherein. 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the step of determining a set of allowed labels for the 

4 first policy for a user of the database management system; 

5 said step of invoking the access mediation routine is performed during said step of 

6 determining the set of allowed labels; and 

7 the user is allowed to operate on the data according to the first policy if the data is 

8 associated with a label for the first policy and the label is included in the set of 

9 allowed labels for the first policy. 
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1 1. (Not Amended) A method for managing access to data in a database subject to a 

2 plurality of label-based security policies, the method comprising the steps of: 

3 receiving, within a database management system, a request for performing an 

4 operation set of one or more operations on data in a table of the database; 

5 determining which policies, of the plurality of label-based policies, apply to the table 

6 based on a policy set of one or more policies associated with the table; and 

7 for each operation in the operation set, determining whether to perform the operation 

8 on a row of the table based on a set of labels associated with the row, the set 

9 of labels corresponding to the policy set. 

1 2. (Not Amended) A method according to Claim 1, further comprising adding a policy 

2 column to the table for each policy in the policy set associated with the table 

1 3. (Not Amended) A method according to Claim 2, further comprising storing a label, 

2 of the set of labels associated with the row, in a corresponding policy column of the row. 

1 4. (Not Amended) A method according to Claim 2, said step of determining which 

2 policies apply further comprising the step of determining whether a column is a policy 

3 column. 

1 5. (Not Amended) A method according to Claim 1, wherein the policy set associated 

2 with the table includes two or more policies of the plurality of label-based policies. 

1 6. (Amended) A method for managing access to data in a database based on a database 

2 policy set of one or more label-based security policies, the method comprising the steps of: 



OID 2001-090-01 



1 



ft ft 

3 registering, with a database management system, one or more package packages- of 

4 routines, wherein each package of said one or more packages implements a 

5 security model that supports a model set of one or more policies of the 

6 database policy set and said each package includes an access mediation 

7 routine; 

8 associating a first policy of a first model set in a first package with a first table within 

9 the database system; and 

10 invoking the access mediation routine in the first package for determining whether to 

1 1 allow operation on data in the first table based on the first policy. 

1 7. (Amended) A method according to Claim 6, further comprising the step of forming 

2 said each package of said one or more packages so that the access mediation routine 

3 conforms to a specified interface for enforcing a policy in the database management system. 

1 8. (Amended) A method according to Claim 7, said step of forming the - said each 

2 package further comprising including one or more administrative routines for defining a 

3 policy for the model set. 

1 9. (Not Amended) A method according to Claim 8, said step of including one or more 

2 administrative routines for defining a policy further comprising including one or more 

3 administrative routines for defining a name for a particular policy; labels for the particular 

4 policy; descriptions for the labels; and properties for the labels. 

1 10. (Not Amended) A method according to Claim 6, further comprising the step of 

2 invoking an administrative routine of the first package for defining the first policy. 
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1 11. (Amended) A method according to Claim 10, said step ofjnvoking the administrative 

2 routine of the first package further comprising providing to the administrative routine of the 

3 first package a plurality of parameters including a policy name for the first policy and a 

4 plurality of label names for labels of the first policy. 

1 12. (Not Amended) A method according to Claim 6, further comprising, in response to 

2 attempts to operate on data in a row in the table, the step of determining that the first policy 

3 applies to the table. 

1 13. (Not Amended) A method according to Claim 6, further comprising the steps of: 

2 associating a second policy of a second model set in a second package with a second 

3 table within the database system; and 

4 invoking the access mediation routine in the second package for determining whether 

5 to allow operation on data in the second table based on the second policy. 

1 14. (Not Amended) A method according to Claim 13, wherein the second model in the 

2 second package is the same as the first model in the first package. 

1 15. (Not Amended) A method according to Claim 13, wherein the second model in the 

2 second package is different from the first model in the first package. 

1 16. (Not Amended) A method according to Claim 13, wherein the second table is the 

2 same as the first table. 

1 17. (Not Amended) A method according to Claim 13, wherein the second table is 

2 different from the first table. 
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1 18. (Not Amended) A method according to Claim 6, said step of invoking the access 

2 mediation routine in the first package further comprising providing data indicating the first 

3 policy to the access mediation routine. 

1 19. (Amended) A method according to Claim 6, wherein. 

2 the method further comprises the step of determining a set of allowed labels for the 

3 first policy for a user of the database management system; 

4 said step of invoking the access mediation routine is performed during said step of 

5 determining the set of allowed labels; and 

6 the user is allowed to operate on the data according to the first policy if the data is 

7 associated with a label for the first policy and the label is included jnjhe set of 

8 allowed labels for the first policy. 

1 20. (Not Amended) A method according to Claim 19, further comprising the step of 

2 storing the set of allowed labels in a session cache for a communication session between the 

3 database management system and the user. 

1 21. (Not Amended) A computer-readable medium carrying one or more sequences of 

2 instructions for managing access to data in a database subject to a plurality of label-based 

3 security policies, wherein execution of the one or more sequences of instructions by one or 

4 more processors causes the one or more processors to perform the steps of: 

5 receiving a request for performing an operation set of one or more operations on data 

6 in a table of the database; 

7 determining which policies, of the plurality of label-based policies, apply to the table 

8 based on a policy set of one or more policies associated with the table; and 
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for each operation in the operation set, determining whether to perform the operation 



10 



on a row of the table based on a set of labels associated with the row, the set 



11 



of labels corresponding to the policy set. 



1 22. (Not Amended) A computer-readable medium according to Claim 21, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the step of adding a policy column to the table for each policy in the 

4 policy set associated with the table 

1 23. (Not Amended) A computer-readable medium according to Claim 22, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the step of storing a label, of the set of labels associated with the row, 

4 in a corresponding policy column of the row. 

1 24. (Not Amended) A computer-readable medium according to Claim 22, said step of 

2 determining which policies apply further comprising the step of determining whether a 

3 column is a policy column. 

1 25. (Not Amended) A computer-readable medium according to Claim 21, wherein the 

2 policy set associated with the table includes two or more policies of the plurality of label- 

3 based policies. 

1 26. (Amended) A computer-readable medium carrying one or more sequences of 

2 instructions for managing access to data in a database based on a database policy set of one or 

3 more label-based security policies, wherein execution of the one or more sequences of 

4 instructions by one or more processors causes the one or more processors to perform the steps 
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5 of: 

6 registering, with a database management system, one or more package packages of 

7 routines, wherein each package of said one or more packages implements a 

8 security model that supports a model set of one or more policies of the 

9 database policy set and said each package includes an access mediation 

10 routine; 

1 1 associating a first policy of a first model set in a first package with a first table within 

12 the database system; and 

13 invoking the access mediation routine in the first package for determining whether to 

14 allow operation on data in the first table based on the first policy. 

1 27. (Not Amended) A computer-readable medium according to Claim 26, wherein the 

2 access mediation routine conforms to a specified interface for enforcing a policy in the 

3 database management system. 

1 28. (Amended) A computer-readable medium according to Claim 27, wherein the 

2 package said each package of said one or more packages includes one or more administrative 

3 routines for defining a policy for the model set. 

1 29. (Not Amended) A computer-readable medium according to Claim 28, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the step of defining a name for a particular policy; labels for the 

4 particular policy; descriptions for the labels; and properties for the labels. 

1 30. (Not Amended) A computer-readable medium according to Claim 26, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 
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3 processors to perform the step of invoking an administrative routine of the first package for 

4 defining the first policy. 

1 31. (Amended) A computer-readable medium according to Claim 30, said step of 

2 invoking the administrative routine of the first package further comprising providing to the 

3 administrative routine of the first package a plurality of parameters including a policy name 

4 for the first policy and a plurality of label names for labels of the first policy. 

1 32. (Not Amended) A computer-readable medium according to Claim 26, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform, in response to attempts to operate on data in a row in the table, the step 

4 of determining that the first policy applies to the table. 

1 33. (Not Amended) A computer-readable medium according to Claim 26, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the steps of: 

4 associating a second policy of a second model set in a second package with a second 

5 table within the database system; and 

6 invoking the access mediation routine in the second package for determining whether 

7 to allow operation on data in the second table based on the second policy. 
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1 34. (Not Amended) A computer-readable medium according to Claim 33, wherein 

2 the second model in the second package is the same as the first model in the first package. 



1 35. (Not Amended) A computer-readable medium according to Claim 33, wherein 

2 the second model in the second package is different from the first model in the first 

3 package. 

1 36. (Not Amended) A computer-readable medium according to Claim 33, wherein 

2 the second table is the same as the first table. 

1 37. (Not Amended) A computer-readable medium according to Claim 33, wherein 

2 the second table is different from the first table. 

1 38. (Not Amended) A computer-readable medium according to Claim 26, said step of 

2 invoking the access mediation routine in the first package further comprising providing 

3 data indicating the first policy to the access mediation routine. 

1 

1 39. (Amended) A computer-readable medium according to Claim 26, wherein. 

2 execution of the one or more sequences of instructions further causes the one or 

3 more processors to perform the step of determining a set of allowed labels 

4 for the first policy for a user of the database management system; 

5 said step of invoking the access mediation routine is performed during said step of 
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6 determining the set of allowed labels; and 

7 the user is allowed to operate on the data according to the first policy if the data is 

8 associated with a label for the first policy and the label is included in the 

9 set of allowed labels for the first policy. 



, 1 40. (Not Amended) A computer-readable medium according to Claim 39, wherein 

2 execution of the one or more sequences of instructions further causes the one or more 

3 processors to perform the step of storing the set of allowed labels in a session cache for a 

4 communication session between the database management system and the user. 



ODD 2001-090-01 



9 



